U. Michigan students get DC test election website to play the school’s fight song

By Jessica Gresko, AP
Tuesday, October 5, 2010

Michigan students get DC vote site to play song

WASHINGTON — University of Michigan students hacked a prototype D.C. elections voting site and programmed it to play their fight song, prompting election officials to temporarily take it down.

For the past week The D.C. Board of Elections & Ethics has encouraged outsiders to try to find faults in the system, which was designed to allow some 950 military and overseas voters to cast ballots online. The system had not yet been put into effect, but officials had hoped to use it for the November election. A scaled-back version of the site was relaunched Tuesday.

The students had rigged the site to play the Michigan fight song “The Victors” — which begins with the words “Now for a cheer they are here, triumphant!” — after a ballot was submitted on a “Thank You” page.

Paul Stenbjorn, the board’s director of information services, said he didn’t bother listening.

“To be quite honest I didn’t listen to it. I was less concerned with what the file was. Just knowing it was there was there was enough,” Stenbjorn said of the MP3 file students embedded. “No one here is a University of Michigan alum, so we didn’t necessarily find it all that amusing.”

Stenbjorn said, however, that the hack was exactly why officials asked for help testing the system.

“This is why we did this. This was one of the objectives,” Stenbjorn said.

Officials discovered the hack on Wednesday and pulled down the site Friday. It went back up after the vulnerability was fixed.

The relaunched site will allow voters to download ballots, but not cast them online as originally planned. Instead, they’ll have to mail, fax or e-mail them in. The system is still an improvement over past years when overseas voters were sent their ballots by mail. Stenbjorn said he hopes to restore the ballot-casting feature in 2011.

The Michigan students had some help with their mischief. Officials shared complete source code with them as well as the layout of the servers on which the program runs.

The students weren’t the only ones testing the system. More than 100 people requested credentials to test the site. So far, officials have gotten about 50 comments ranging from Macintosh users who had trouble with the system to how to make pages load better. But the Michigan hack, first reported by The Washington Post, was the biggest problem.

Stenbjorn declined to give the names or contact information for the Michigan students, but agreed to pass along a reporter’s query to them. They didn’t immediately respond.